Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVAT has information disclosure via browsable API
Vulnerability Description
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality reports on the CVAT instance. In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. This issue has been patched in version 2.38.0.
CVSS Information
N/A
Vulnerability Type
通过发送数据的信息暴露
Vulnerability Title
Computer Vision Annotation Tool 安全漏洞
Vulnerability Description
Computer Vision Annotation Tool(CVAT)是cvat.ai开源的一种用于计算机视觉的交互式视频和图像注释工具。 Computer Vision Annotation Tool 2.4.0至2.38.0之前版本存在安全漏洞,该漏洞源于认证用户可能检索所有任务和项目信息,可能导致信息泄露和拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A